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Question: 1 


On a Linux router, packet forwarding for IPv4 has been enabled. After a reboot, the machine no 
longer forwards IP packets from other hosts. The command: 

echo 1 > /proc/sys/net/ipv4/ip_forward 

temporarily resolves this issue. 

Which one of the following options is the best way to ensure this setting is saved across system 
restarts? 


A. Add echo 1 > /proc/sys/net/ipv4/ip_forward to the root user login script 
B. Add echo 1 > /proc/sys/net/ipv4/ip_ forward to any user login script 

C. In /etc/sysct1.conf change net.ipv4.ip_ forward to 1 

D. In /etc/rc.local add net.ipv4.ip_ forward = 1 

E. In /etc/sysconfig/iptables-config add ipv4.ip_ forward = 1 


Answer: C 


Question: 2 


What information can be found in the file specified by the status parameter in an OpenVPN server 
configuration file? (Choose two.) 


A. Errors and warnings generated by the openvpn daemon 

B. Routing information 

C. Statistical information regarding the currently running openvpn daemon 
D. A list of currently connected clients 

E. A history of all clients who have connected at some point 


Answer: B,D 


Question: 3 


Which of the following lines in the sshd configuration file should, if present, be changed in order to 
increase the security of the server? (Choose two.) 


A. Protocol 2, 1 

B. PermitEmptyPasswords no 
C. Port 22 

D. PermitRootLogin yes 

E. IgnoreRhosts yes 


Answer: A,D 
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Question: 4 


Which of the following nmap parameters scans a target for open TCP ports? (Choose two.) 


MmOoOODWD> 
ch 
| 


Answer: C,E 


Question: 5 


Which of the statements below are correct regarding the following commands, which are executed 
on a Linux router? (Choose two.) 


ipé6tables -A FORWARD -s fe80::/64 —j DROP 
ip6tables -A FORWARD -d fe80::/64 —j] DROP 


A. Packets with source or destination addresses from fe80::/64 will never occur in the FORWARD 
chain 

B. The rules disable packet forwarding because network nodes always use addresses from fe80::/64 
to identify routers in their routing tables 

C. ip6tables returns an error for the second command because the affected network is already part 
of another rule 

D. Both ip6tables commands complete without an error message or warning 

E. The rules suppress any automatic configuration through router advertisements or DHCPv6 


Answer: D,E 


Question: 6 


What option in the client configuration file would tell OpenVPN to use a dynamic source port when 
making a connection to a peer? 


A. src-port 

B. remote 

C. source-port 
D. nobind 

E. dynamic-bind 


Answer: D 


https://www.certkillers.net 


Questions & Answers PDF Page 4 


Question: 7 


Which Linux user is used by vsftpd to perform file system operations for anonymous FTP users? 


A. The Linux user which runs the vsftpd process 

B. The Linux user that owns the root FTP directory served by vsftpd 

C. The Linux user with the same user name that was used to anonymously log into the FTP server 

D. The Linux user root, but vsftpd grants access to anonymous users only to globally read-/writeable 
files 

E. The Linux user specified in the configuration option ftp_username 


Answer: E 


Question: 8 


Which of the following sshd configuration should be set to no in order to fully disable password 
based logins? (Choose two.) 


A. PAMAuthentication 

B. ChallengegeResponseAuthentication 
C. PermitPlaintextLogin 

D. UsePasswords 

E. PasswordAuthentication 


Answer: B,E 


Question: 9 


When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing 
traffic to localhost exist? 


A. All traffic to localhost must always be allowed 

B. It doesn’t matter; netfilter never affects packets addressed to localhost 

C. Some applications use the localhost interface to communicate with other applications 

D. syslogd receives messages on localhost 

E. The iptables command communicates with the netfilter management daemon netfilterd on 
localhost to create and change packet filter rules 


Answer: C 


Question: 10 


CORRECT TEXT 
What command creates a SSH key pair? (Specify ONLY the command without any path or 
parameters) 
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Answer: ssh-keygen 


Question: 11 


The content of which local file has to be transmitted to a remote SSH server in order to be able to log 
into the remote server using SSH keys? 


A. ~/.ssh/authorized_keys 
B. ~/.ssh/config 

C. ~/.ssh/id_rsa.pub 

D. ~/.ssh/id_rsa 

E. ~./ssh/known_hosts 


Answer: A 
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